Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Sigma is an open YAML-based detection rule format converted to any SIEM query language, enabling vendor-neutral sharing of log-based detections.
Sigma Rules Definition: Sigma is an open YAML-based detection rule format converted to any SIEM query language, enabling vendor-neutral sharing of log-based detections.
Sigma is an open, generic, YAML-based signature format for describing log-based detections in a vendor-neutral way. An analyst writes a detection rule once and uses a converter to translate it into the native query language of a specific SIEM, such as Splunk SPL, Microsoft KQL, or Elastic Query DSL. This portability makes Sigma a common standard for sharing and collaborating on detection content across the security community.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →